
Re: new internet draft - LDAP Extensions Style Guide



At 03:04 PM 8/16/00 +0100, David Chadwick wrote:

>> I would not say that it is "a nonsense".  
>
>I thought I had given a good example of where it was not a sensible 
>strategy to be adopted by a server, for example, using the duplicate 
>entries control in a Search result when the client did not ask for it on 
>the Search request, but had said on the Bind that it can support this 
>control.

But please note that controls upon a bind operation are
not protected by the privacy and integrity negotiated by
the bind operation itself.  This must be taken into
consideration.

Also, the Bind resultCode should be a clear indication of
authentication/authorization result and not overloaded with
extension negotiation.

Lastly, RFC2251 places specific restrictions upon the uses
of request controls which must be taken into consideration.

Controls upon the bind operation should be avoided.  Extended
operations are a more suitable mechanism for extending "the session".
StartTLS is a good example of such.

Kurt